VirusShare_dd53e1802a8ea7f814fbff49c362ca80

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare_dd53e1802a8ea7f814fbff49c362ca80
Size

140KB
MD5

dd53e1802a8ea7f814fbff49c362ca80
SHA1

8ee095d3a79e32085aca9959fd417d7051743abe
SHA256

7c2b9553b5eee1688130d367be5a210ad2007b16d5d8edb968fac03841b528b8
SHA512

7983756308b641e0b08cb4e4275dc5284e72dccbebabba4fc15ee5f520fa45021c48f2aff4e3fc0d51935aa48a7b4a29c37a3d5884c6938bbf690fc8317de9a2
SSDEEP

3072:iVDbclkUsR/KMl+61o8TJu2WXuku8ukXDm:iZbclkUsRSMn1nTJu2WXuku8ukzm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare_dd53e1802a8ea7f814fbff49c362ca80

Files

VirusShare_dd53e1802a8ea7f814fbff49c362ca80
.exe windows:5 windows x86 arch:x86

34d7e85c1f39ffe70988138d6fc14099

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

W:\permissive\teach\intractable\li.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
HeapReAlloc
SetStdHandle
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
SetFilePointer
GetFileType
SetHandleCount
GetModuleFileNameW
WriteFile
LoadLibraryW
EnterCriticalSection
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
CloseHandle
WriteConsoleW
GetProcAddress
FreeLibrary
CreateEventA
GetLastError
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
SetConsoleCursorPosition
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GlobalLock
CreateDirectoryA
FindFirstFileA
lstrcpyA
lstrcatA
GetFileAttributesA
CopyFileA
SetFileAttributesA
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
IsProcessorFeaturePresent
CreateFileW
HeapFree
FindNextFileA
FindClose
GlobalUnlock
HeapAlloc
GetTickCount
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
WideCharToMultiByte
RtlUnwind
RaiseException
GetCurrentThreadId
CreateThread
LeaveCriticalSection
LoadLibraryA

user32

EnumChildWindows
DispatchMessageA
GetMessageA
ClientToScreen
InsertMenuItemA
SetWindowLongA
SendDlgItemMessageA
SetDlgItemInt
SetTimer
GetWindowLongA
LoadBitmapA
LoadCursorA
GetWindowDC
SetWindowRgn
SetCursorPos
SendMessageA
ChildWindowFromPoint
ScreenToClient
FindWindowA
GetSystemMetrics
GetSubMenu
SetWindowTextA
SetDlgItemTextA
ShowWindow
GetParent
FindWindowExA
GetWindowRect
SetWindowPos
GetClassNameW
MessageBoxA
RegisterClipboardFormatA
GetDlgItem
GetMenuItemInfoA
IsWindowEnabled
GetDC
GetClientRect
ReleaseDC
GetDlgItemTextA
AttachThreadInput
FillRect
KillTimer
EndDialog
wsprintfA

gdi32

CreateRectRgn
CombineRgn
CreateSolidBrush
CreateEllipticRgnIndirect
CreatePatternBrush
CreatePen
SelectObject
Rectangle
SetPixelFormat
DeleteObject
StartDocA
StartPage
TextOutA
EndPage
EndDoc
DeleteDC

comdlg32

PrintDlgA

advapi32

LsaRemoveAccountRights
LsaAddAccountRights
GetUserNameW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
OleInitialize
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StringFromCLSID
CoTaskMemFree

netapi32

NetApiBufferFree
NetUserGetInfo

comctl32

ord8
ord16
PropertySheetA
InitCommonControlsEx

gdiplus

GdipCreatePath
GdipAddPathLine
ord1
GdipAddPathString
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawPath
GdipGraphicsClear
GdipFillPath
GdipCloneBrush
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipClosePathFigure
GdipDeletePath
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateSolidFill
GdipSetPathFillMode

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetConversionStatus

setupapi

SetupDiGetDeviceInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiSetDeviceInstallParamsA

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sidata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.feta
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34d7e85c1f39ffe70988138d6fc14099

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

netapi32

comctl32

gdiplus

imm32

setupapi

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 12KB

.nata Size: 5KB - Virtual size: 5KB

.sidata Size: 6KB - Virtual size: 5KB

.feta Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 35KB - Virtual size: 34KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 12KB

.nata
Size: 5KB - Virtual size: 5KB

.sidata
Size: 6KB - Virtual size: 5KB

.feta
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 35KB - Virtual size: 34KB